CVE-2011-1160

The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before2.6.39 does not initialize a certain buffer, which allows local users toobtain potentially sensitive information from kernel memory via unspecifiedvectors.

Ubuntu-Description

Peter Huewe discovered that the TPM device did not correctly initializememory. A local attacker could exploit this to read kernel heap memorycontents, leading to a loss of privacy.